Wouter0100

Reputation: 450

SSL certificate Socket.io

I've created my own Livechat. It works fine, but after I tried to add my SSL Certificate it doesn't work properly anymore.

I tried different codes.

var fs = require('fs');
var express = require("express");

var options = { 
    key:  fs.readFileSync('ca.key'), 
    cert: fs.readFileSync('ca.crt')
}; 

var expres = express()
  , app = require('https').createServer(options, expres)
  , io = require('socket.io').listen(app, { });

app.listen(8080);

and

var fs = require('fs');
var express = require("express");

var options = {
    key:    fs.readFileSync('ca.key'),
    cert:   fs.readFileSync('ca.csr'),
    ca:     fs.readFileSync('ca.crt'),
    requestCert:        true,
    rejectUnauthorized: false
};

var expres = express()
  , app = require('https').createServer(options, expres)
  , io = require('socket.io').listen(app, { });

app.listen(8080);

The three files exist with the content. (ca.key, ca.csr and ca.crt)

Sometimes I get a 107 (ERR_SSL_PROTOCOL_ERROR), or sometimes the server doesn't even start.

Thanks,

Upvotes: 4

Views: 5477

Answers (1)

user568109

Reputation: 48003

If you check the https server API (http://nodejs.org/api/https.html#https_class_https_server), you will find it is a subclass of tls.Server:

Class: https.Server
This class is a subclass of tls.Server and emits events same as http.Server.

On checking the tls.Server API (http://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener), you'll see what is required for the tls or https server:

key: A string or Buffer containing the private key of the server in PEM format. (Required)
cert: A string or Buffer containing the certificate key of the server in PEM format. (Required)

Since you are only using the above two in one example, you should verify/test it with the required PEM format. You can create it using the instructions given here: http://nodejs.org/api/tls.html#tls_tls_ssl

openssl genrsa -out ryans-key.pem 1024
openssl req -new -key ryans-key.pem -out ryans-csr.pem
openssl x509 -req -in ryans-csr.pem -signkey ryans-key.pem -out ryans-cert.pem

After this, you can check whether the other options are the culprits or not; remove them when testing with the above certs.

//requestCert:        true,  
//rejectUnauthorized: false

Upvotes: 4
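The second snippet in the question passes ca.csr as `cert`, and a signing request is not a certificate. As an added example (not part of the original question or answer), this Node.js pre-flight check reads the PEM labels of `key` and `cert` and then confirms the key belongs to the certificate. `pemLabels`, `checkTlsOptions` and the sample values are names introduced here; `crypto.X509Certificate` needs Node 15.6 or later.

```javascript
const crypto = require('crypto');

// Return the PEM armor labels found in a string or Buffer, e.g. ['CERTIFICATE'].
function pemLabels(pem) {
  const labels = [];
  const re = /-----BEGIN ([A-Z0-9 ]+)-----/g;
  let m;
  while ((m = re.exec(String(pem))) !== null) labels.push(m[1]);
  return labels;
}

// Return a list of problems with { key, cert }; an empty list means both parse and match.
function checkTlsOptions(options) {
  const problems = [];
  const keyLabels = pemLabels(options.key);
  const certLabels = pemLabels(options.cert);
  if (!keyLabels.some((l) => l.endsWith('PRIVATE KEY'))) {
    problems.push('key: no PEM private key block found');
  }
  if (certLabels.some((l) => l.endsWith('CERTIFICATE REQUEST'))) {
    problems.push('cert: this is a signing request (CSR), not a signed certificate');
  } else if (!certLabels.includes('CERTIFICATE')) {
    problems.push('cert: no PEM certificate block found');
  }
  if (problems.length > 0) return problems;

  // Labels look right; now parse both and confirm the key belongs to the certificate.
  try {
    const x509 = new crypto.X509Certificate(options.cert);
    const key = crypto.createPrivateKey(options.key);
    if (!x509.checkPrivateKey(key)) {
      problems.push('key: private key does not match the certificate');
    }
  } catch (err) {
    problems.push('parse error: ' + err.message);
  }
  return problems;
}

// Constructed sample input: a CSR-shaped PEM block with a dummy body, plus a fresh key.
const SAMPLE_CSR = '-----BEGIN CERTIFICATE REQUEST-----\nAAAA\n-----END CERTIFICATE REQUEST-----\n';
const { privateKey: SAMPLE_KEY } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
console.log(checkTlsOptions({ key: SAMPLE_KEY, cert: SAMPLE_CSR }));
```

Calling `checkTlsOptions(options)` on the object built from `fs.readFileSync` before handing it to `https.createServer` turns a silent handshake failure into a readable message at startup.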
